diff --git a/.github/workflows/publish-ci.yml b/.github/workflows/publish-ci.yml index 21ba99b..f59fbf0 100644 --- a/.github/workflows/publish-ci.yml +++ b/.github/workflows/publish-ci.yml @@ -7,7 +7,7 @@ on: # Triggers the workflow on push or pull request events but only for the main branch push: branches: - - 2.5.x + - 2.6.x # Ignore anything unrelated to a chart release paths-ignore: - 'charts/couchbase-operator/examples/**' diff --git a/.github/workflows/validate-ci.yml b/.github/workflows/validate-ci.yml index ce99791..34c223b 100644 --- a/.github/workflows/validate-ci.yml +++ b/.github/workflows/validate-ci.yml @@ -5,7 +5,7 @@ name: Validate CI on: pull_request: branches: - - 2.5.x + - 2.6.x # Ignore anything unrelated to a chart release paths-ignore: - 'charts/couchbase-operator/examples/**' diff --git a/charts/couchbase-operator/Chart.yaml b/charts/couchbase-operator/Chart.yaml index dce4e2f..cbc844b 100644 --- a/charts/couchbase-operator/Chart.yaml +++ b/charts/couchbase-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: couchbase-operator description: A Helm chart to deploy the Couchbase Autonomous Operator for easily deploying, managing, and maintaining Couchbase Clusters. Couchbase Server is a NoSQL document database with a distributed architecture for performance, scalability, and availability. It enables developers to build applications easier and faster by leveraging the power of SQL with the flexibility of JSON. -version: 2.50.4 -appVersion: 2.5.0 +version: 2.60.0 +appVersion: 2.6.0 type: application keywords: - couchbase diff --git a/charts/couchbase-operator/README.md b/charts/couchbase-operator/README.md index 8510ef0..90752d4 100644 --- a/charts/couchbase-operator/README.md +++ b/charts/couchbase-operator/README.md 
@@ -3,7 +3,7 @@ A Helm chart to deploy the Couchbase Autonomous Operator for easily deploying, managing, and maintaining Couchbase Clusters. Couchbase Server is a NoSQL document database with a distributed architecture for performance, scalability, and availability. It enables developers to build applications easier and faster by leveraging the power of SQL with the flexibility of JSON. -![Version: 2.50.3](https://img.shields.io/badge/Version-2.50.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) +![Version: 2.60.0](https://img.shields.io/badge/Version-2.60.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-informational?style=flat-square) Deploying the Operator and Couchbase Server =========================================== 
@@ -40,7 +40,7 @@ for more information about customizing and managing your charts. | admissionCA.key | string | `nil` | A base64 encoded PEM format private key | | admissionController.commandArgs | object | `{"default-file-system-group":true,"validate-secrets":true,"validate-storage-classes":true}` | Set of command-line flags to pass on to the Admission Controller to modify its behavior. Do not change. | | admissionController.disableValidatingWebhook | bool | `false` | Disable the creation of Validation webhook. Setting to 'false' may be helpful when installing into a restricted environments (ie Strict mTLS), since disabling avoids performing resource fetching and validation from the Kubernetes API server. | -| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Admission container. | +| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.6.0"}` | Image specifies repository and tag of the Couchbase Admission container. | | admissionController.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. | | admissionController.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images | | admissionController.name | string | `"couchbase-admission-controller"` | | 
@@ -73,7 +73,7 @@ for more information about customizing and managing your charts. | buckets.default.scopes | object | `{"managed":false,"resources":[],"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. | | buckets.default.scopes.managed | bool | `false` | Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present. | | buckets.default.scopes.resources | list | `[]` | Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. | -| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.21/#labelselector-v1-meta | +| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.28/#labelselector-v1-meta | | buckets.default.scopes.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | | buckets.default.scopes.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | | buckets.default.storageBackend | string | `"couchstore"` | StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". This cannot be edited after bucket creation. Note: "magma" is only valid for Couchbase Server 7.1.0 onward. | 
@@ -95,9 +95,10 @@ for more information about customizing and managing your charts. | cluster.backup.objectEndpoint.secret | string | `nil` | The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" | | cluster.backup.objectEndpoint.url | string | `nil` | The host/address of the custom object endpoint. | | cluster.backup.objectEndpoint.useVirtualPath | bool | `false` | UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. | -| cluster.backup.resources | object | `{"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. | +| cluster.backup.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. | +| cluster.backup.resources.claims | object | `{"name":null}` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | | cluster.backup.resources.limits | string | `nil` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/ | -| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/ | +| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/ | | cluster.backup.s3Secret | string | `nil` | Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the `spec.s3bucket` field is specified for a backup or restore resource. | | cluster.backup.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. | | cluster.backup.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | 
@@ -130,10 +131,10 @@ for more information about customizing and managing your charts. | cluster.cluster.autoFailoverTimeout | string | `"120s"` | AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration | | cluster.cluster.clusterName | string | `nil` | ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource's metadata. | | cluster.cluster.data | object | `{"auxIOThreads":null,"nonIOThreads":null,"readerThreads":null,"writerThreads":null}` | Data allows the data service to be configured. | -| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | -| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | -| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. 
This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | -| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. 
This value must be between 4 and 64 threads for CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | | cluster.cluster.dataServiceMemoryQuota | string | `"256Mi"` | DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/#resource-units-in-kubernetes | | cluster.cluster.eventingServiceMemoryQuota | string | `"256Mi"` | EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | cluster.cluster.indexServiceMemoryQuota | string | `"256Mi"` | IndexServiceMemQuota is the amount of memory that should be allocated to the index service. 
This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/#resource-units-in-kubernetes | 
@@ -158,34 +159,34 @@ for more information about customizing and managing your charts. | cluster.envImagePrecedence | bool | `false` | EnvImagePrecedence gives precedence over the default container image name in `spec.Image` to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator- configuration.html | | cluster.hibernate | bool | `false` | Hibernate is whether to hibernate the cluster. | | cluster.hibernationStrategy | string | `nil` | HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false. | -| cluster.image | string | `"couchbase/server:7.2.0"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. | +| cluster.image | string | `"couchbase/server:7.2.3"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. | | cluster.logging.audit.disabledEvents | string | `nil` | The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit- event-reference.html | | cluster.logging.audit.disabledUsers | string | `nil` | The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. 
Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage- security/manage-auditing.html#ignoring-events-by-user | | cluster.logging.audit.enabled | bool | `false` | Enabled is a boolean that enables the audit capabilities. | -| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | +| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | | cluster.logging.audit.rotation | object | `{"interval":"15m","size":"20Mi"}` | The interval to optionally rotate the audit log. 
This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | | cluster.logging.logRetentionCount | string | `nil` | LogRetentionCount gives the number of persistent log PVCs to keep. | | cluster.logging.logRetentionTime | string | `nil` | LogRetentionTime gives the time to keep persistent log PVCs alive for. | | cluster.logging.server.configurationName | string | `"fluent-bit-config"` | ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway. | | cluster.logging.server.enabled | bool | `false` | Enabled is a boolean that enables the logging sidecar container. | | cluster.logging.server.manageConfiguration | bool | `true` | A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it's ownership stays the same so it will be cleaned up when it's owner is. 
| -| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. | +| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. | | cluster.monitoring | object | `{}` | Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. | | cluster.name | string | `nil` | Name of the cluster, defaults to name of chart release | | cluster.networking.addressFamily | string | `nil` | AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+. | -| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. 
This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.21/#service-v1-core | +| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.28/#service-v1-core | | cluster.networking.adminConsoleServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. 
| | cluster.networking.adminConsoleServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | | cluster.networking.adminConsoleServices | list | `["data"]` | DEPRECATED - not required by Couchbase Server. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once. | | cluster.networking.cloudNativeGateway | object | `{"image":null,"tls":{"serverSecretName":null}}` | DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. | | cluster.networking.cloudNativeGateway.image | string | `nil` | DEVELOPER PREVIEW - This feature is in developer preview. Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory. | -| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. | +| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | DEVELOPER PREVIEW - This feature is in developer preview. 
TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys and creates a k8s secret named `couchbase-cloud- native-gateway-self-signed-secret-` unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. This action could be overidden at the outset or later, by using the below TLS config or generating the secret of same name as `couchbase-cloud-native-gateway- self-signed-secret-` with certificates conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else would be ignored. | | cluster.networking.disableUIOverHTTP | bool | `false` | DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false. | | cluster.networking.disableUIOverHTTPS | bool | `false` | DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false. | | cluster.networking.dns | object | `{"domain":null}` | DNS defines information required for Dynamic DNS support. | | cluster.networking.dns.domain | string | `nil` | Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server. | | cluster.networking.exposeAdminConsole | bool | `true` | ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field. 
| -| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.21/#service-v1-core | +| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.28/#service-v1-core | | cluster.networking.exposedFeatureServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | | cluster.networking.exposedFeatureServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | | cluster.networking.exposedFeatureTrafficPolicy | string | `nil` | DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local", | 
@@ -195,6 +196,7 @@ for more information about customizing and managing your charts. | cluster.networking.serviceAnnotations | string | `nil` | DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation. | | cluster.networking.waitForAddressReachable | string | `"10m"` | WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial `waitForAddressReachableDelay` to allow propagation. | | cluster.networking.waitForAddressReachableDelay | string | `"2m"` | WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses. | +| cluster.onlineVolumeExpansionTimeoutInMins | string | `nil` | OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes. | | cluster.paused | bool | `false` | Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action. | | cluster.platform | string | `nil` | Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure". | | cluster.recoveryPolicy | string | `nil` | RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. 
When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". | 
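Review bot: The new cluster.onlineVolumeExpansionTimeoutInMins row contradicts itself: it says the value "must be provided", then that it "must only be provided" when EnableOnlineVolumeExpansion is true, then that it defaults to 10 minutes when omitted, while the default column shows `nil` and the type column shows string for a number of minutes. Suggest describing it as optional, giving the type as an integer, saying what a value of 0 means given the stated range of 0 to 30, and referring to the corresponding values key rather than the EnableOnlineVolumeExpansion field name.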
@@ -211,7 +213,7 @@ for more information about customizing and managing your charts. | cluster.security.podSecurityContext.runAsUser | int | `1000` | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.seLinuxOptions | object | `{"level":null,"role":null,"type":null,"user":null}` | The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.seccompProfile | object | `{"localhostProfile":null,"type":null}` | The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. | -| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. | +| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. 
Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.sysctls | object | `{"name":null,"value":null}` | Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.windowsOptions | object | `{"gmsaCredentialSpec":null,"gmsaCredentialSpecName":null,"hostProcess":false,"runAsUserName":null}` | The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. | | cluster.security.rbac | object | `{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | RBAC is the options provided for enabling and selecting RBAC User resources to manage. | 
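Review bot: In the cluster.security.podSecurityContext.supplementalGroups row the type column still says string with a `nil` default, while the rewritten description calls it "A list of groups". The new text also says that group memberships defined in the image for the container's uid stay effective even when they are not in this list, so the value can add groups but not remove them. One plain sentence saying that would help readers who assume that leaving the field unset means no supplementary groups.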
@@ -226,16 +228,17 @@ for more information about customizing and managing your charts. | cluster.servers.default.services | list | `["data","index","query","search","analytics","eventing"]` | Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. | | cluster.servers.default.size | int | `3` | Size is the expected requested of the server class. This field must be greater than or equal to 1. | | cluster.softwareUpdateNotifications | bool | `false` | SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. | +| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | | cluster.upgradeStrategy | string | `nil` | UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". 
| -| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | +| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | | cluster.volumeClaimTemplates.metadata | object | `{"annotations":null,"labels":null,"name":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | | cluster.volumeClaimTemplates.metadata.annotations | string | `nil` | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations | | cluster.volumeClaimTemplates.metadata.labels | string | `nil` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | | cluster.volumeClaimTemplates.metadata.name | string | `nil` | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user- guide/identifiers#names | -| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes | +| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes | | cluster.volumeClaimTemplates.spec.accessModes | string | `nil` | accessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent- volumes#access-modes-1 | -| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | -| cluster.volumeClaimTemplates.spec.resources | object | `{"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | +| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null,"namespace":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | +| cluster.volumeClaimTemplates.spec.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. 
If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | | cluster.volumeClaimTemplates.spec.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | selector is a label query over volumes to consider for binding. | | cluster.volumeClaimTemplates.spec.storageClassName | string | `nil` | storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | | cluster.volumeClaimTemplates.spec.volumeMode | string | `nil` | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. | 
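Review bot: The new cluster.upgradeProcess row names SwapRebalance as the default but shows `nil` in the default column, and unlike the cluster.upgradeStrategy row directly below it never states the allowed values in the "This field must be either ..." form. Suggest listing "SwapRebalance" and "DeltaRecovery" explicitly and saying what happens when DeltaRecovery is combined with ImmediateUpgrade (rejected at admission, or ignored). In the same hunk the volumeClaimTemplates defaults gain dataSourceRef.namespace, which the description marks as alpha behind the CrossNamespaceVolumeDataSource feature gate and which lets a claim reference objects in any namespace; a sentence saying to leave it unset unless that gate is enabled would be useful.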
@@ -256,7 +259,7 @@ for more information about customizing and managing your charts. | coredns.service | string | `nil` | Name of Kubernetes service which exposes DNS endpoints | | couchbaseOperator.commandArgs | object | `{"pod-create-timeout":"10m"}` | Set of command-line flags to pass on to the Operator to modify its behavior. see: https://docs.couchbase.com/operator/2.0/reference-operator-configuration.html#command-line-arguments | | couchbaseOperator.commandArgs.pod-create-timeout | string | `"10m"` | Pod creation timeout. The Operator allows the timeout of pod creation to be manually configured. It is primarily intended for use on cloud platforms where the deployment of multiple volumes and pulling of a Couchbase Server container image may take a longer time than the default timeout period. | -| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Operator container. | +| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.6.0"}` | Image specifies repository and tag of the Couchbase Operator container. | | couchbaseOperator.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. | | couchbaseOperator.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images. | | couchbaseOperator.name | string | `"couchbase-operator"` | Name of the couchbase operator Deployment | diff --git a/charts/couchbase-operator/README.md.adoc b/charts/couchbase-operator/README.md.adoc index b2027e0..003fdda 100644 --- a/charts/couchbase-operator/README.md.adoc +++ b/charts/couchbase-operator/README.md.adoc 
@@ -5,7 +5,7 @@ | admissionCA.key | string | `nil` | A base64 encoded PEM format private key | admissionController.commandArgs | object | `{"default-file-system-group":true,"validate-secrets":true,"validate-storage-classes":true}` | Set of command-line flags to pass on to the Admission Controller to modify its behavior. Do not change. | admissionController.disableValidatingWebhook | bool | `false` | Disable the creation of Validation webhook. Setting to 'false' may be helpful when installing into a restricted environments (ie Strict mTLS), since disabling avoids performing resource fetching and validation from the Kubernetes API server. -| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Admission container. +| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.6.0"}` | Image specifies repository and tag of the Couchbase Admission container. | admissionController.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. | admissionController.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images | admissionController.name | string | `"couchbase-admission-controller"` | 
@@ -38,7 +38,7 @@ | buckets.default.scopes | object | `{"managed":false,"resources":[],"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. | buckets.default.scopes.managed | bool | `false` | Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present. | buckets.default.scopes.resources | list | `[]` | Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. -| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta | buckets.default.scopes.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | buckets.default.scopes.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | buckets.default.storageBackend | string | `"couchstore"` | StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". This cannot be edited after bucket creation. Note: "magma" is only valid for Couchbase Server 7.1.0 onward. 
@@ -49,7 +49,7 @@ | cluster.autoResourceAllocation.enabled | bool | `false` | Enabled defines whether auto-resource allocation is enabled. | cluster.autoResourceAllocation.overheadPercent | int | `25` | OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%. | cluster.autoscaleStabilizationPeriod | string | `nil` | AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance. -| cluster.backup | object | `{"annotations":null,"image":"couchbase/operator-backup:1.3.5","imagePullSecrets":{"name":null},"labels":null,"managed":true,"nodeSelector":null,"objectEndpoint":{"secret":null,"url":null,"useVirtualPath":false},"resources":{"limits":null,"requests":null},"s3Secret":null,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"serviceAccountName":"couchbase-backup","tolerations":{"effect":null,"key":null,"operator":null,"tolerationSeconds":null,"value":null},"useIAMRole":false}` | Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. 
Refer to the documentation for supported values https://docs.couchbase.com/operator/current/howto-backup.html#enable-automated-backup +| cluster.backup | object | `{"annotations":null,"image":"couchbase/operator-backup:1.3.5","imagePullSecrets":{"name":null},"labels":null,"managed":true,"nodeSelector":null,"objectEndpoint":{"secret":null,"url":null,"useVirtualPath":false},"resources":{"claims":{"name":null},"limits":null,"requests":null},"s3Secret":null,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"serviceAccountName":"couchbase-backup","tolerations":{"effect":null,"key":null,"operator":null,"tolerationSeconds":null,"value":null},"useIAMRole":false}` | Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. Refer to the documentation for supported values https://docs.couchbase.com/operator/current/howto-backup.html#enable-automated-backup | cluster.backup.annotations | string | `nil` | Annotations defines additional annotations to appear on the backup/restore pods. | cluster.backup.image | string | `"couchbase/operator-backup:1.3.5"` | The Backup Image to run on backup pods. | cluster.backup.imagePullSecrets | object | `{"name":null}` | ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones. 
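Review bot: The cluster.backup default in this hunk gains resources.claims but keeps "image":"couchbase/operator-backup:1.3.5", while the operator and admission controller image tags elsewhere in this patch move from 2.5.0 to 2.6.0. Please confirm that 1.3.5 is the backup image intended to ship with chart 2.60.0, or bump it in the same change.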
@@ -61,9 +61,10 @@ | cluster.backup.objectEndpoint.secret | string | `nil` | The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" | cluster.backup.objectEndpoint.url | string | `nil` | The host/address of the custom object endpoint. | cluster.backup.objectEndpoint.useVirtualPath | bool | `false` | UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. -| cluster.backup.resources | object | `{"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. +| cluster.backup.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. +| cluster.backup.resources.claims | object | `{"name":null}` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | cluster.backup.resources.limits | string | `nil` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | cluster.backup.s3Secret | string | `nil` | Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the `spec.s3bucket` field is specified for a backup or restore resource. | cluster.backup.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. | cluster.backup.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. 
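Review bot: The added cluster.backup.resources.claims row describes the field as a list ("Claims lists the names of resources") but types it as an object with default `{"name":null}`, and it exposes an alpha field that requires the DynamicResourceAllocation feature gate without saying what happens on clusters where the gate is off. Suggest documenting it as a list of name entries and stating that it should stay unset unless the gate is enabled. The unchanged cluster.backup.s3Secret row in the trailing context also still has the typo "popluated".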
@@ -97,10 +98,10 @@ | cluster.cluster.autoFailoverTimeout | string | `"120s"` | AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration | cluster.cluster.clusterName | string | `nil` | ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource's metadata. | cluster.cluster.data | object | `{"auxIOThreads":null,"nonIOThreads":null,"readerThreads":null,"writerThreads":null}` | Data allows the data service to be configured. -| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. -| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. -| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. 
This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. -| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. +| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. +| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. +| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. 
This value must be between 4 and 64 threads for CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. +| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | cluster.cluster.dataServiceMemoryQuota | string | `"256Mi"` | DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes | cluster.cluster.eventingServiceMemoryQuota | string | `"256Mi"` | EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes | cluster.cluster.indexServiceMemoryQuota | string | `"256Mi"` | IndexServiceMemQuota is the amount of memory that should be allocated to the index service. 
This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes 
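Review bot: the added rows for `auxIOThreads` and `nonIOThreads` read "only supported on CB versions 7.1.0+. and should only be increased", which puts a full stop in the middle of the sentence. The `readerThreads` and `writerThreads` rows read "below 7.1.0 and, or 1 and 64", and the `writerThreads` row also has a literal `//` in the rendered description. The `//` looks like a comment marker carried over from wherever these descriptions are maintained, so the wording should be corrected there and the table regenerated, not hand-edited in the README. Suggested wording: "This value must be between 4 and 64 threads for CB versions below 7.1.0, or between 1 and 64 for CB versions 7.1.0+, and should only be increased where there are sufficient CPU resources allocated for their use." The rows also do not say what happens when a value of 1 to 3 is set against a server older than 7.1.0; one sentence stating whether that is rejected would close the gap.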
@@ -125,38 +126,38 @@ | cluster.envImagePrecedence | bool | `false` | EnvImagePrecedence gives precedence over the default container image name in `spec.Image` to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html | cluster.hibernate | bool | `false` | Hibernate is whether to hibernate the cluster. | cluster.hibernationStrategy | string | `nil` | HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false. -| cluster.image | string | `"couchbase/server:7.2.0"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. -| cluster.logging | object | `{"audit":{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}},"logRetentionCount":null,"logRetentionTime":null,"server":{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}}}` | Logging defines Operator logging options. 
-| cluster.logging.audit | object | `{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}}` | Used to manage the audit configuration directly +| cluster.image | string | `"couchbase/server:7.2.3"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. +| cluster.logging | object | `{"audit":{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}},"logRetentionCount":null,"logRetentionTime":null,"server":{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}}}` | Logging defines Operator logging options. +| cluster.logging.audit | object | `{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}}` | Used to manage the audit configuration directly | cluster.logging.audit.disabledEvents | string | `nil` | The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. 
Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html | cluster.logging.audit.disabledUsers | string | `nil` | The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user | cluster.logging.audit.enabled | bool | `false` | Enabled is a boolean that enables the audit capabilities. -| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html +| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. 
This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html | cluster.logging.audit.rotation | object | `{"interval":"15m","size":"20Mi"}` | The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html | cluster.logging.logRetentionCount | string | `nil` | LogRetentionCount gives the number of persistent log PVCs to keep. | cluster.logging.logRetentionTime | string | `nil` | LogRetentionTime gives the time to keep persistent log PVCs alive for. -| cluster.logging.server | object | `{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}}` | Specification of all logging configuration required to manage the sidecar containers in each pod. +| cluster.logging.server | object | `{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}}` | Specification of all logging configuration required to manage the sidecar containers in each pod. | cluster.logging.server.configurationName | string | `"fluent-bit-config"` | ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. 
Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway. | cluster.logging.server.enabled | bool | `false` | Enabled is a boolean that enables the logging sidecar container. | cluster.logging.server.manageConfiguration | bool | `true` | A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it's ownership stays the same so it will be cleaned up when it's owner is. -| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. +| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. | cluster.monitoring | object | `{}` | Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. 
| cluster.name | string | `nil` | Name of the cluster, defaults to name of chart release | cluster.networking | object | `{"addressFamily":null,"adminConsoleServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"adminConsoleServices":["data"],"cloudNativeGateway":{"image":null,"tls":{"serverSecretName":null}},"disableUIOverHTTP":false,"disableUIOverHTTPS":false,"dns":{"domain":null},"exposeAdminConsole":true,"exposedFeatureServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"exposedFeatureTrafficPolicy":null,"exposedFeatures":["client","xdcr"],"loadBalancerSourceRanges":null,"networkPlatform":null,"serviceAnnotations":null,"waitForAddressReachable":"10m","waitForAddressReachableDelay":"2m"}` | Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. | cluster.networking.addressFamily | string | `nil` | AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. 
Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+. -| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core +| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. 
This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core | cluster.networking.adminConsoleServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | cluster.networking.adminConsoleServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | cluster.networking.adminConsoleServices | list | `["data"]` | DEPRECATED - not required by Couchbase Server. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once. | cluster.networking.cloudNativeGateway | object | `{"image":null,"tls":{"serverSecretName":null}}` | DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. | cluster.networking.cloudNativeGateway.image | string | `nil` | DEVELOPER PREVIEW - This feature is in developer preview. Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. 
TODO: provide a default kubebuilder default image tag as field is mandatory. -| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. +| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys and creates a k8s secret named `couchbase-cloud- native-gateway-self-signed-secret-` unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. This action could be overidden at the outset or later, by using the below TLS config or generating the secret of same name as `couchbase-cloud-native-gateway- self-signed-secret-` with certificates conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else would be ignored. | cluster.networking.disableUIOverHTTP | bool | `false` | DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false. | cluster.networking.disableUIOverHTTPS | bool | `false` | DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false. | cluster.networking.dns | object | `{"domain":null}` | DNS defines information required for Dynamic DNS support. | cluster.networking.dns.domain | string | `nil` | Domain is the domain to create pods in. 
When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server. | cluster.networking.exposeAdminConsole | bool | `true` | ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field. -| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core +| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core | cluster.networking.exposedFeatureServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | cluster.networking.exposedFeatureServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | cluster.networking.exposedFeatureTrafficPolicy | string | `nil` | DEPRECATED - by exposedFeatureServiceTemplate. 
ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local", 
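Review bot: the new `cluster.networking.cloudNativeGateway.tls` description gives the generated Secret name first as `couchbase-cloud- native-gateway-self-signed-secret-` and then as `couchbase-cloud-native-gateway- self-signed-secret-`. Each spelling has a stray space in a different place and ends in a bare hyphen, so the suffix that makes the name "unique to a Couchbase cluster" is missing from the rendered text. The row tells users to create a Secret under exactly this name to replace the self-signed certificate, so the name has to be copyable: write it without the spaces and with an explicit placeholder for the per-cluster suffix. In the same row, "overidden" should be "overridden", and "use the unique cluster name else would be ignored" should say what is ignored. Separately, the `cluster.image` default moves from `couchbase/server:7.2.0` to `couchbase/server:7.2.3` and the row itself states that updating this field causes an automatic upgrade of the cluster, so anyone relying on the chart default gets a server upgrade with the chart upgrade; that belongs in the release notes.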
@@ -166,6 +167,7 @@ | cluster.networking.serviceAnnotations | string | `nil` | DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation. | cluster.networking.waitForAddressReachable | string | `"10m"` | WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial `waitForAddressReachableDelay` to allow propagation. | cluster.networking.waitForAddressReachableDelay | string | `"2m"` | WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses. +| cluster.onlineVolumeExpansionTimeoutInMins | string | `nil` | OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes. | cluster.paused | bool | `false` | Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action. | cluster.platform | string | `nil` | Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure". | cluster.recoveryPolicy | string | `nil` | RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. 
When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". 
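Review bot: the added `cluster.onlineVolumeExpansionTimeoutInMins` row contradicts itself: it opens with "must be provided as a retry mechanism" and ends with "If no value is provided, then it defaults to 10 minutes". Say that the field is optional and only takes effect when `EnableOnlineVolumeExpansion` is true, if that is the intent. The permitted range is given as 0 to 30, but the row does not say what 0 means (no retry, or no timeout), and the type column shows `string` for a value described as a number of minutes. It would also help to name the option as it appears in this table, since the other rows use the `cluster.` prefixed lower-camel form.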
@@ -183,7 +185,7 @@ | cluster.security.podSecurityContext.runAsUser | int | `1000` | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. | cluster.security.podSecurityContext.seLinuxOptions | object | `{"level":null,"role":null,"type":null,"user":null}` | The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. | cluster.security.podSecurityContext.seccompProfile | object | `{"localhostProfile":null,"type":null}` | The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. -| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. +| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. 
Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | cluster.security.podSecurityContext.sysctls | object | `{"name":null,"value":null}` | Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. | cluster.security.podSecurityContext.windowsOptions | object | `{"gmsaCredentialSpec":null,"gmsaCredentialSpecName":null,"hostProcess":false,"runAsUserName":null}` | The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. | cluster.security.rbac | object | `{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | RBAC is the options provided for enabling and selecting RBAC User resources to manage. 
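Review bot: the type column for `cluster.security.podSecurityContext.supplementalGroups` still reads `string`, although both the old and the new description call it "A list of groups"; a user following the table would supply the wrong shape. The sentence added here, that group memberships defined in the container image "are still effective, even if they are not included in this list", is the part that matters for anyone using this field to restrict group access, so it is worth keeping it as a separate sentence in the rendered row, not folded into the long description.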
@@ -199,20 +201,21 @@ | cluster.servers.default.autoscaleEnabled | bool | `false` | AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA). | cluster.servers.default.env | list | `[]` | Env allows the setting of environment variables in the Couchbase server container. | cluster.servers.default.envFrom | list | `[]` | EnvFrom allows the setting of environment variables in the Couchbase server container. -| cluster.servers.default.pod | object | `{"spec":{}}` | Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core +| cluster.servers.default.pod | object | `{"spec":{}}` | Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core | cluster.servers.default.services | list | `["data","index","query","search","analytics","eventing"]` | Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. 
| cluster.servers.default.size | int | `3` | Size is the expected requested of the server class. This field must be greater than or equal to 1. | cluster.softwareUpdateNotifications | bool | `false` | SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. +| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | cluster.upgradeStrategy | string | `nil` | UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". -| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. 
+| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | cluster.volumeClaimTemplates.metadata | object | `{"annotations":null,"labels":null,"name":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | cluster.volumeClaimTemplates.metadata.annotations | string | `nil` | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations | cluster.volumeClaimTemplates.metadata.labels | string | `nil` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | cluster.volumeClaimTemplates.metadata.name | string | `nil` | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names -| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes +| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes | cluster.volumeClaimTemplates.spec.accessModes | string | `nil` | accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 -| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. 
For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -| cluster.volumeClaimTemplates.spec.resources | object | `{"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null,"namespace":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. 
When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| cluster.volumeClaimTemplates.spec.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | cluster.volumeClaimTemplates.spec.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | selector is a label query over volumes to consider for binding. | cluster.volumeClaimTemplates.spec.storageClassName | string | `nil` | storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | cluster.volumeClaimTemplates.spec.volumeMode | string | `nil` | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 
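Review bot: the `cluster.volumeClaimTemplates.spec.resources` row now lists a `claims` key with default `{"name":null}`, which conflicts with the CRD text added later in this patch. There, claims "can only be set for containers" and is an array keyed by `name`, not a single object. Please confirm whether `claims` belongs in a volume claim template at all. If it does not, drop it from the values so the README does not document it. If it does, show the default as a list and say which feature gate it needs, as the `dataSourceRef` row does for `namespace`.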
@@ -233,7 +236,7 @@ | coredns.service | string | `nil` | Name of Kubernetes service which exposes DNS endpoints | couchbaseOperator.commandArgs | object | `{"pod-create-timeout":"10m"}` | Set of command-line flags to pass on to the Operator to modify its behavior. see: https://docs.couchbase.com/operator/2.0/reference-operator-configuration.html#command-line-arguments | couchbaseOperator.commandArgs.pod-create-timeout | string | `"10m"` | Pod creation timeout. The Operator allows the timeout of pod creation to be manually configured. It is primarily intended for use on cloud platforms where the deployment of multiple volumes and pulling of a Couchbase Server container image may take a longer time than the default timeout period. -| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Operator container. +| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.6.0"}` | Image specifies repository and tag of the Couchbase Operator container. | couchbaseOperator.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. | couchbaseOperator.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images. | couchbaseOperator.name | string | `"couchbase-operator"` | Name of the couchbase operator Deployment diff --git a/charts/couchbase-operator/crds/couchbase.crds.yaml b/charts/couchbase-operator/crds/couchbase.crds.yaml index 063587c..d3e3282 100644 --- a/charts/couchbase-operator/crds/couchbase.crds.yaml +++ b/charts/couchbase-operator/crds/couchbase.crds.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbaseautoscalers.couchbase.com spec: @@ -27,9 +27,9 @@ spec: schema: openAPIV3Schema: description: CouchbaseAutoscaler provides an interface for the Kubernetes - Horizontal Pod Autoscaler to interactive with the Couchbase cluster and - provide autoscaling. This resource is not defined by the end user, and - is managed by the Operator. + Horizontal Pod Autoscaler to interact with the Couchbase cluster and provide + autoscaling. This resource is not defined by the end user, and is managed + by the Operator. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -92,7 +92,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasebackuprestores.couchbase.com spec: @@ -439,8 +439,6 @@ spec: format: int32 minimum: 0 type: integer - required: - - backup type: object status: description: CouchbaseBackupRestoreStatus provides status indications @@ -526,7 +524,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasebackups.couchbase.com spec: 
@@ -861,10 +859,14 @@ spec: fields respectively. Care should be taken to ensure full and incremental schedules do not overlap, taking into account the backup time, as this will cause failures as the jobs attempt to mount the same backup - volume. This field default to `full_incremental`. Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html' + volume. To cause a backup to occur immediately use `immediate_incremental` + or `immediate_full` for incremental or full backups respectively. + This field default to `full_incremental`. Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html' enum: - full_incremental - full_only + - immediate_incremental + - immediate_full type: string successfulJobsHistoryLimit: default: 3 @@ -980,7 +982,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasebuckets.couchbase.com spec: @@ -1215,7 +1217,7 @@ spec: type: array selector: description: 'Selector allows resources to be implicitly considered - for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector @@ -1278,7 +1280,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbaseclusters.couchbase.com spec: 
@@ -1468,6 +1470,28 @@ spec: and restore containers. Will be populated by defaults if not specified. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1488,7 +1512,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object s3Secret: 
@@ -1833,10 +1858,10 @@ spec: by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between - 4 and 64 threads, and should only be increased where there - are sufficient CPU resources allocated for their use. If - not specified, this defaults to the default value set by - Couchbase Server. + 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient + CPU resources allocated for their use. If not specified, + this defaults to the default value set by Couchbase Server. maximum: 64 minimum: 1 type: integer 
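Review bot: the rewritten AuxIO thread pool description reads "is only supported on CB versions 7.1.0+. and should only be increased", with a full stop in the middle of the sentence. Split it into two sentences or remove the stop. The 7.1.0 requirement also lives only in prose: the `minimum: 1` and `maximum: 64` bounds in the context lines cannot express it, so the description should say what happens when the field is set against an older server (rejected by validation, or ignored).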
@@ -1845,20 +1870,21 @@ spec: by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between - 4 and 64 threads, and should only be increased where there - are sufficient CPU resources allocated for their use. If - not specified, this defaults to the default value set by - Couchbase Server. + 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient + CPU resources allocated for their use. If not specified, + this defaults to the default value set by Couchbase Server. maximum: 64 minimum: 1 type: integer readerThreads: description: ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value - must be between 4 and 64 threads, and should only be increased - where there are sufficient CPU resources allocated for their - use. If not specified, this defaults to the default value - set by Couchbase Server. + must be between 4 and 64 threads for CB versions below 7.1.0 + and, or 1 and 64 for CB versions 7.1.0+. and should only + be increased where there are sufficient CPU resources allocated + for their use. If not specified, this defaults to the default + value set by Couchbase Server. maximum: 64 minimum: 1 type: integer 
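Review bot: the readerThreads description now says "between 4 and 64 threads for CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and should only be increased", which has a dangling "and, or" and a stray full stop. Something like "between 4 and 64 for versions below 7.1.0, or between 1 and 64 for 7.1.0 and later. It should only be increased ..." would read cleanly. The NonIO text in the same hunk has the same mid-sentence stop. The schema keeps `minimum: 1` for every version, so values 1 to 3 pass CRD validation on a pre-7.1.0 cluster. Please confirm the version-dependent floor is enforced somewhere else and say so in the description. The next hunk repeats this wording and adds a literal `//` ("7.1.0 and, // or 1 and 64"), presumably a comment marker carried over from the source, which should be removed there too.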
@@ -1867,10 +1893,11 @@ spec: by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This - value must be between 4 and 64 threads, and should only - be increased where there are sufficient CPU resources allocated - for their use. If not specified, this defaults to the default - value set by Couchbase Server. + value must be between 4 and 64 threads for CB versions below + 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should + only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults + to the default value set by Couchbase Server. maximum: 64 minimum: 1 type: integer @@ -2175,6 +2202,30 @@ spec: for the cleanup container. Will be populated by Kubernetes defaults if not specified. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -2196,8 +2247,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object @@ -2295,6 +2346,30 @@ spec: the sidecar container. Will be populated by Kubernetes defaults if not specified. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2316,7 +2391,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object type: object 
@@ -2361,6 +2437,28 @@ spec: metrics container. Will be populated by Kubernetes defaults if not specified. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2382,7 +2480,7 @@ spec: compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object required: @@ -2414,7 +2512,7 @@ spec: type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or - replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core' + replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core' properties: metadata: description: Standard objects metadata. This is a curated 
@@ -2636,11 +2734,10 @@ spec: supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific - annotations when available. This field may be removed - in a future API version.' + was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific + annotations when available.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -2742,7 +2839,17 @@ spec: description: DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate - configuration, and TLS security policies. + configuration, and TLS security policies. If no TLS config + are explicitly provided, the operator generates/manages + self-signed certs/keys and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` + unique to a Couchbase cluster, which is volume mounted to + the cb k8s pod. This action could be overidden at the outset + or later, by using the below TLS config or generating the + secret of same name as `couchbase-cloud-native-gateway-self-signed-secret-` + with certificates conforming to the keys of well-known type + "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The + secret is on per cluster basis so it's advised to use the + unique cluster name else would be ignored. properties: serverSecretName: description: DEVELOPER PREVIEW - This feature is in developer 
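Review bot: in the Cloud Native Gateway TLS description, the secret name is given twice as `couchbase-cloud-native-gateway-self-signed-secret-`, ending in a hyphen with no suffix. A user who wants to pre-create that secret needs the exact name, so spell out the suffix, for example with a placeholder for the cluster name if that is what the closing sentence means. That closing sentence ("it's advised to use the unique cluster name else would be ignored") does not say what is ignored or what happens next, and should state it. Minor: "overidden" should be "overridden" and "If no TLS config are" should be "If no TLS config is". Since the default path is now an operator-generated self-signed certificate, the text should also say how clients are expected to obtain the CA to verify it.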
@@ -2791,7 +2898,7 @@ spec: any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More - info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core' + info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core' properties: metadata: description: Standard objects metadata. This is a curated @@ -3013,11 +3120,10 @@ spec: supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific - annotations when available. This field may be removed - in a future API version.' + was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific + annotations when available.' type: string loadBalancerSourceRanges: description: 'If specified and supported by the platform, @@ -3392,6 +3498,15 @@ spec: addresses. type: string type: object + onlineVolumeExpansionTimeoutInMins: + description: OnlineVolumeExpansionTimeoutInMins must be provided as + a retry mechanism with a timeout in minutes for expanding volumes. + This must only be provided, if EnableOnlineVolumeExpansion is set + to true. Value must be between 0 and 30. If no value is provided, + then it defaults to 10 minutes. + maximum: 30 + minimum: 0 + type: integer paused: description: Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead 
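Review bot: the onlineVolumeExpansionTimeoutInMins description contradicts itself. It opens with "must be provided as a retry mechanism" and ends with "If no value is provided, then it defaults to 10 minutes". If the field is optional, say "may be provided" and add `default: 10` to the schema, so the default is visible in the CRD the way `default: 3` is for successfulJobsHistoryLimit earlier in this patch. The schema also allows `minimum: 0` without saying what 0 means (no retry, or no timeout). The rule that the field is only valid when EnableOnlineVolumeExpansion is true is not expressed in these lines, so note where it is enforced.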
@@ -3671,7 +3786,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT + be set for any other type. type: string type: description: "type indicates which kind of seccomp profile @@ -3686,9 +3802,13 @@ spec: supplementalGroups: description: A list of groups applied to the first process run in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - Note that this field cannot be set when spec.os.name is - windows. + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. items: format: int64 type: integer 
@@ -3732,15 +3852,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -3927,7 +4044,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT + be set for any other type. type: string type: description: "type indicates which kind of seccomp profile 
@@ -3959,15 +4077,12 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also be + set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint @@ -4081,7 +4196,8 @@ spec: in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + location. Must be set if type is "Localhost". Must NOT be + set for any other type. type: string type: description: "type indicates which kind of seccomp profile 
@@ -4095,9 +4211,14 @@ spec: type: object supplementalGroups: description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. Note - that this field cannot be set when spec.os.name is windows. + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. items: format: int64 type: integer @@ -4140,14 +4261,11 @@ spec: type: string hostProcess: description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint 
@@ -4355,7 +4473,7 @@ spec: as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to - modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core' + modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core' properties: metadata: description: Standard objects metadata. This is a curated 
@@ -5563,6 +5681,57 @@ spec: object with that name. If not specified, the pod priority will be default or zero if there is no default. type: string + resourceClaims: + description: "ResourceClaims defines which ResourceClaims + must be allocated and reserved before the Pod is allowed + to start. The resources will be made available to + those containers which consume them by name. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: PodResourceClaim references exactly one + ResourceClaim through a ClaimSource. It adds a name + to it that uniquely identifies the ResourceClaim + inside the Pod. Containers that need access to the + ResourceClaim reference it with this name. + properties: + name: + description: Name uniquely identifies this resource + claim inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name + of a ResourceClaim object in the same namespace + as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is + the name of a ResourceClaimTemplate object + in the same namespace as this pod. \n The + template will be used to create a new ResourceClaim, + which will be bound to this pod. When this + pod is deleted, the ResourceClaim will also + be deleted. The pod name and resource name, + along with a generated component, will be + used to form a unique name for the ResourceClaim, + which will be recorded in pod.status.resourceClaimStatuses. + \n This field is immutable and no changes + will be made to the corresponding ResourceClaim + by the control plane after creating the + ResourceClaim." 
+ type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map runtimeClassName: description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used @@ -5578,6 +5747,30 @@ spec: by specified scheduler. If not specified, the pod will be dispatched by default scheduler. type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values + that if specified will block scheduling the pod. If + schedulingGates is not empty, the pod will stay in + the SchedulingGated state and the scheduler will not + attempt to schedule the pod. \n SchedulingGates can + only be set at pod creation time, and be removed only + afterwards. \n This is a beta feature enabled by the + PodSchedulingReadiness feature gate." + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: Name of the scheduling gate. Each + scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map serviceAccount: description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName 
@@ -5731,16 +5924,21 @@ spec: type: object type: object matchLabelKeys: - description: MatchLabelKeys is a set of pod label + description: "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys - that don't exist in the incoming pod labels - will be ignored. A null or empty list means - only match against labelSelector. + will be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be + set when LabelSelector isn't set. Keys that + don't exist in the incoming pod labels will + be ignored. A null or empty list means only + match against labelSelector. \n This is a beta + field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." items: type: string type: array @@ -5809,8 +6007,8 @@ spec: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to - the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread + the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: @@ -5822,8 +6020,8 @@ spec: are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore - policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: 
@@ -5881,6 +6079,28 @@ spec: Couchbase server container. This field overrides any automatic allocation as defined by `spec.autoResourceAllocation`. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -5901,8 +6121,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object serverGroups: 
@@ -6025,6 +6245,18 @@ spec: in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. type: boolean + upgradeProcess: + description: UpgradeProcess defines the process that will be used + when performing a couchbase cluster upgrade. When SwapRebalance + is requested (default), pods will be upgraded using either a RollingUpgrade + or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery + is requested, the operator will perform an in-place upgrade on a + best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy + is set to ImmediateUpgrade. + enum: + - SwapRebalance + - DeltaRecovery + type: string upgradeStrategy: description: UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is 
@@ -6090,25 +6322,31 @@ spec: dataSourceRef: description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume - is desired. This may be any local object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding will - only succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only + succeed if the type of the specified object matches some + installed volume populator or dynamic provisioner. This + field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must - have the same value. For backwards compatibility, both - fields (DataSource and DataSourceRef) will be set to the - same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + have the same value. For backwards compatibility, when + namespace isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other + is non-empty. When namespace is specified in dataSourceRef, + dataSource isn''t set to the same value and must be empty. 
+ There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows two + specific types of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. * While + dataSource ignores disallowed values (dropping them), + dataSourceRef preserves all values, and generates an error + if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' properties: apiGroup: description: APIGroup is the group for the resource @@ -6122,6 +6360,16 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string required: - kind - name 
@@ -6134,6 +6382,29 @@ spec: still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6155,7 +6426,7 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -6622,7 +6893,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasecollectiongroups.couchbase.com spec: @@ -6708,7 +6979,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasecollections.couchbase.com spec: 
@@ -6781,7 +7052,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbaseephemeralbuckets.couchbase.com spec: @@ -7003,7 +7274,7 @@ spec: type: array selector: description: 'Selector allows resources to be implicitly considered - for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector @@ -7056,7 +7327,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasegroups.couchbase.com spec: @@ -7137,7 +7408,7 @@ spec: type: array selector: description: 'Selector allows resources to be implicitly - considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector @@ -7223,7 +7494,7 @@ spec: selector: description: 'Selector allows resources to be implicitly considered for inclusion in this collection or collections. More - info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector 
@@ -7361,7 +7632,7 @@ spec: selector: description: 'Selector allows resources to be implicitly considered for inclusion in this scope or scopes. More - info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector @@ -7423,7 +7694,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasememcachedbuckets.couchbase.com spec: @@ -7504,7 +7775,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasemigrationreplications.couchbase.com spec: @@ -7652,7 +7923,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasereplications.couchbase.com spec: @@ -7857,7 +8128,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbaserolebindings.couchbase.com spec: @@ -7937,7 +8208,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasescopegroups.couchbase.com spec: 
@@ -8036,7 +8307,7 @@ spec: type: array selector: description: 'Selector allows resources to be implicitly considered - for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector @@ -8112,7 +8383,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbasescopes.couchbase.com spec: @@ -8208,7 +8479,7 @@ spec: type: array selector: description: 'Selector allows resources to be implicitly considered - for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' properties: matchExpressions: description: matchExpressions is a list of label selector @@ -8284,7 +8555,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 + config.couchbase.com/version: 2.6.0 controller-gen.kubebuilder.io/version: v0.8.0 name: couchbaseusers.couchbase.com spec: diff --git a/charts/couchbase-operator/values-all.yaml b/charts/couchbase-operator/values-all.yaml index 5a5214c..0bddcda 100644 --- a/charts/couchbase-operator/values-all.yaml +++ b/charts/couchbase-operator/values-all.yaml 
@@ -20,7 +20,7 @@ couchbaseOperator: # -- Image specifies repository and tag of the Couchbase Operator container. image: repository: couchbase/operator - tag: 2.5.0 + tag: 2.6.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. @@ -53,7 +53,7 @@ admissionController: # -- Image specifies repository and tag of the Couchbase Admission container. image: repository: couchbase/admission-controller - tag: 2.5.0 + tag: 2.6.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. @@ -708,7 +708,7 @@ buckets: # -- Selector allows resources to be implicitly considered for inclusion # in this bucket. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#labelselector-v1-meta + # api/v1.28/#labelselector-v1-meta selector: # -- matchExpressions is a list of label selector requirements. The # requirements are ANDed. 
@@ -828,15 +828,25 @@ cluster: # -- Resources is the resource requirements for the backup and restore # containers. Will be populated by defaults if not specified. resources: + # -- Claims lists the names of resources, defined in spec.resourceClaims, + # that are used by this container. This is an alpha field and requires + # enabling the DynamicResourceAllocation feature gate. This field is + # immutable. It can only be set for containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims of + # the Pod where this field is used. It makes that resource available + # inside a container. + name: # -- Limits describes the maximum amount of compute resources allowed. # More info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ limits: # -- Requests describes the minimum amount of compute resources required. # If Requests is omitted for a container, it defaults to Limits if that is - # explicitly specified, otherwise to an implementation-defined value. More - # info: https://kubernetes.io/docs/concepts/configuration/manage- - # resources-containers/ + # explicitly specified, otherwise to an implementation-defined value. + # Requests cannot exceed Limits. More info: + # https://kubernetes.io/docs/concepts/configuration/manage-resources- + # containers/ requests: # -- Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret # contains the key region and optionally access-key-id and secret-access-key 
@@ -1034,30 +1044,34 @@ cluster: # -- AuxIOThreads allows the number of threads used by the data service, # per pod, to be altered. This indicates the number of threads that are # to be used in the AuxIO thread pool to run auxiliary I/O tasks. This - # value must be between 4 and 64 threads, and should only be increased - # where there are sufficient CPU resources allocated for their use. If not - # specified, this defaults to the default value set by Couchbase Server. + # value must be between 1 and 64 threads and is only supported on CB + # versions 7.1.0+. and should only be increased where there are sufficient + # CPU resources allocated for their use. If not specified, this defaults + # to the default value set by Couchbase Server. auxIOThreads: # -- NonIOThreads allows the number of threads used by the data service, # per pod, to be altered. This indicates the number of threads that are # to be used in the NonIO thread pool to run in memory tasks. This value - # must be between 4 and 64 threads, and should only be increased where - # there are sufficient CPU resources allocated for their use. If not - # specified, this defaults to the default value set by Couchbase Server. + # must be between 1 and 64 threads and is only supported on CB versions + # 7.1.0+. and should only be increased where there are sufficient CPU + # resources allocated for their use. If not specified, this defaults to + # the default value set by Couchbase Server. nonIOThreads: # -- ReaderThreads allows the number of threads used by the data service, - # per pod, to be altered. This value must be between 4 and 64 threads, - # and should only be increased where there are sufficient CPU resources + # per pod, to be altered. This value must be between 4 and 64 threads for + # CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and + # should only be increased where there are sufficient CPU resources # allocated for their use. 
If not specified, this defaults to the default # value set by Couchbase Server. readerThreads: # -- WriterThreads allows the number of threads used by the data service, # per pod, to be altered. This setting is especially relevant when using # "durable writes", increasing this field will have a large impact on - # performance. This value must be between 4 and 64 threads, and should - # only be increased where there are sufficient CPU resources allocated for - # their use. If not specified, this defaults to the default value set by - # Couchbase Server. + # performance. This value must be between 4 and 64 threads for CB + # versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and + # should only be increased where there are sufficient CPU resources + # allocated for their use. If not specified, this defaults to the default + # value set by Couchbase Server. writerThreads: # -- DataServiceMemQuota is the amount of memory that should be allocated to # the data service. This value is per-pod, and only applicable to pods @@ -1189,7 +1203,7 @@ cluster: # -- Image is the container image name that will be used to launch Couchbase # server instances. Updating this field will cause an automatic upgrade of # the cluster. - image: couchbase/server:7.2.0 + image: couchbase/server:7.2.3 # -- Logging defines Operator logging options. logging: # -- Used to manage the audit configuration directly 
@@ -1234,6 +1248,16 @@ cluster: # Resources is the resource requirements for the cleanup container. # Will be populated by Kubernetes defaults if not specified. resources: + # Claims lists the names of resources, defined in + # spec.resourceClaims, that are used by this container. This is an + # alpha field and requires enabling the DynamicResourceAllocation + # feature gate. This field is immutable. It can only be set for + # containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims + # of the Pod where this field is used. It makes that resource + # available inside a container. + name: # Limits describes the maximum amount of compute resources allowed. # More info: # https://kubernetes.io/docs/concepts/configuration/manage- @@ -1242,8 +1266,8 @@ cluster: # Requests describes the minimum amount of compute resources # required. If Requests is omitted for a container, it defaults to # Limits if that is explicitly specified, otherwise to an - # implementation-defined value. More info: - # https://kubernetes.io/docs/concepts/configuration/manage- + # implementation-defined value. Requests cannot exceed Limits. More + # info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ requests: # -- The interval to optionally rotate the audit log. This is passed to 
@@ -1302,6 +1326,15 @@ cluster: # Resources is the resource requirements for the sidecar container. Will # be populated by Kubernetes defaults if not specified. resources: + # Claims lists the names of resources, defined in spec.resourceClaims, + # that are used by this container. This is an alpha field and + # requires enabling the DynamicResourceAllocation feature gate. This + # field is immutable. It can only be set for containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims + # of the Pod where this field is used. It makes that resource + # available inside a container. + name: # Limits describes the maximum amount of compute resources allowed. # More info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ @@ -1309,7 +1342,7 @@ cluster: # Requests describes the minimum amount of compute resources required. # If Requests is omitted for a container, it defaults to Limits if # that is explicitly specified, otherwise to an implementation-defined - # value. More info: + # value. Requests cannot exceed Limits. More info: # https://kubernetes.io/docs/concepts/configuration/manage-resources- # containers/ requests: @@ -1337,7 +1370,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core adminConsoleServiceTemplate: # -- Standard objects metadata. This is a curated version for use with # Couchbase resource templates. 
@@ -1491,10 +1524,9 @@ cluster: # loadBalancerIP when a load balancer is created. This field will be # ignored if the cloud-provider does not support the feature. # Deprecated: This field was under-specified and its meaning varies - # across implementations, and it cannot support dual-stack. As of - # Kubernetes v1.24, users are encouraged to use implementation-specific - # annotations when available. This field may be removed in a future API - # version. + # across implementations. Using it is non-portable and it may not + # support dual-stack. Users are encouraged to use implementation- + # specific annotations when available. loadBalancerIP: # If specified and supported by the platform, this will restrict traffic # through the cloud-provider load-balancer will be restricted to the @@ -1555,6 +1587,16 @@ cluster: # -- DEVELOPER PREVIEW - This feature is in developer preview. TLS defines # the TLS configuration for the Cloud Native Gateway server including # server and client certificate configuration, and TLS security policies. + # If no TLS config are explicitly provided, the operator generates/manages + # self-signed certs/keys and creates a k8s secret named `couchbase-cloud- + # native-gateway-self-signed-secret-` unique to a Couchbase + # cluster, which is volume mounted to the cb k8s pod. This action could be + # overidden at the outset or later, by using the below TLS config or + # generating the secret of same name as `couchbase-cloud-native-gateway- + # self-signed-secret-` with certificates conforming to the + # keys of well-known type "kubernetes.io/tls" with "tls.crt" and + # "tls.key". N.B. The secret is on per cluster basis so it's advised to + # use the unique cluster name else would be ignored. tls: # DEVELOPER PREVIEW - This feature is in developer preview. # ServerSecretName specifies the secret name, in the same namespace as 
@@ -1586,7 +1628,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core exposedFeatureServiceTemplate: # -- Standard objects metadata. This is a curated version for use with # Couchbase resource templates. @@ -1740,10 +1782,9 @@ cluster: # loadBalancerIP when a load balancer is created. This field will be # ignored if the cloud-provider does not support the feature. # Deprecated: This field was under-specified and its meaning varies - # across implementations, and it cannot support dual-stack. As of - # Kubernetes v1.24, users are encouraged to use implementation-specific - # annotations when available. This field may be removed in a future API - # version. + # across implementations. Using it is non-portable and it may not + # support dual-stack. Users are encouraged to use implementation- + # specific annotations when available. loadBalancerIP: # If specified and supported by the platform, this will restrict traffic # through the cloud-provider load-balancer will be restricted to the @@ -1831,6 +1872,11 @@ cluster: # to the cluster. This prevents negative DNS caching while waiting for # external-DDNS controllers to propagate addresses. waitForAddressReachableDelay: 2m + # -- OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism + # with a timeout in minutes for expanding volumes. This must only be provided, + # if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and + # 30. If no value is provided, then it defaults to 10 minutes. + onlineVolumeExpansionTimeoutInMins: # -- Paused is to pause the control of the operator for the Couchbase cluster. # This does not pause the cluster itself, instead stopping the operator from # taking any action. 
@@ -1943,7 +1989,8 @@ cluster: # localhostProfile indicates a profile defined in a file on the node # should be used. The profile must be preconfigured on the node to work. # Must be a descending path, relative to the kubelet's configured - # seccomp profile location. Must only be set if type is "Localhost". + # seccomp profile location. Must be set if type is "Localhost". Must NOT + # be set for any other type. localhostProfile: # type indicates which kind of seccomp profile will be applied. Valid # options are: Localhost - a profile defined in a file on the node @@ -1951,8 +1998,12 @@ cluster: # should be used. Unconfined - no profile should be applied. type: # -- A list of groups applied to the first process run in each container, - # in addition to the container's primary GID. If unspecified, no groups - # will be added to any container. Note that this field cannot be set when + # in addition to the container's primary GID, the fsGroup (if specified), + # and group memberships defined in the container image for the uid of the + # container process. If unspecified, no additional groups are added to any + # container. Note that group memberships defined in the container image + # for the uid of the container process are still effective, even if they + # are not included in this list. Note that this field cannot be set when # spec.os.name is windows. supplementalGroups: # -- Sysctls hold a list of namespaced sysctls used for the pod. Pods with 
@@ -1976,14 +2027,10 @@ cluster: # GMSACredentialSpecName is the name of the GMSA credential spec to use. gmsaCredentialSpecName: # HostProcess determines if a container should be run as a 'Host - # Process' container. This field is alpha-level and will only be honored - # by components that enable the WindowsHostProcessContainers feature - # flag. Setting this field without the feature flag will result in - # errors when validating the Pod. All of a Pod's containers must have - # the same effective HostProcess value (it is not allowed to have a mix - # of HostProcess containers and non-HostProcess containers). In - # addition, if HostProcess is true then HostNetwork must also be set to - # true. + # Process' container. All of a Pod's containers must have the same + # effective HostProcess value (it is not allowed to have a mix of + # HostProcess containers and non-HostProcess containers). In addition, + # if HostProcess is true then HostNetwork must also be set to true. hostProcess: false # The UserName in Windows to run the entrypoint of the container # process. Defaults to the user specified in image metadata if @@ -2073,7 +2120,7 @@ cluster: # cluster upgrade in order to fulfill the request. The Operator reserves # the right to modify or replace any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#pod-v1-core + # api/v1.28/#pod-v1-core pod: spec: {} # -- Services is the set of Couchbase services to run on this server 
@@ -2094,6 +2141,14 @@ cluster: # UI. When enabled, the UI will alert when a Couchbase server upgrade is # available. softwareUpdateNotifications: false + # -- UpgradeProcess defines the process that will be used when performing a + # couchbase cluster upgrade. When SwapRebalance is requested (default), pods + # will be upgraded using either a RollingUpgrade or ImmediateUpgrade + # (determined by UpgradeStrategy). When DeltaRecovery is requested, the + # operator will perform an in-place upgrade on a best effort basis. + # DeltaRecovery cannot be used if the UpgradeStrategy is set to + # ImmediateUpgrade. + upgradeProcess: # -- UpgradeStrategy controls how aggressive the Operator is when performing a # cluster upgrade. When a rolling upgrade is requested, pods are upgraded one # at a time. This strategy is slower, however less disruptive. When an 
@@ -2135,22 +2190,28 @@ cluster: # volumes#access-modes-1 accessModes: # -- dataSourceRef specifies the object from which to populate the volume - # with data, if a non-empty volume is desired. This may be any local - # object from a non-empty API group (non core object) or a - # PersistentVolumeClaim object. When this field is specified, volume - # binding will only succeed if the type of the specified object matches - # some installed volume populator or dynamic provisioner. This field will - # replace the functionality of the DataSource field and as such if both - # fields are non-empty, they must have the same value. For backwards - # compatibility, both fields (DataSource and DataSourceRef) will be set to - # the same value automatically if one of them is empty and the other is - # non-empty. There are two important differences between DataSource and - # DataSourceRef: * While DataSource only allows two specific types of - # objects, DataSourceRef allows any non-core object, as well as - # PersistentVolumeClaim objects. * While DataSource ignores disallowed - # values (dropping them), DataSourceRef preserves all values, and - # generates an error if a disallowed value is specified. (Beta) Using this - # field requires the AnyVolumeDataSource feature gate to be enabled. + # with data, if a non-empty volume is desired. This may be any object from + # a non-empty API group (non core object) or a PersistentVolumeClaim + # object. When this field is specified, volume binding will only succeed + # if the type of the specified object matches some installed volume + # populator or dynamic provisioner. This field will replace the + # functionality of the dataSource field and as such if both fields are + # non-empty, they must have the same value. 
For backwards compatibility, + # when namespace isn't specified in dataSourceRef, both fields (dataSource + # and dataSourceRef) will be set to the same value automatically if one of + # them is empty and the other is non-empty. When namespace is specified in + # dataSourceRef, dataSource isn't set to the same value and must be empty. + # There are three important differences between dataSource and + # dataSourceRef: * While dataSource only allows two specific types of + # objects, dataSourceRef allows any non-core object, as well as + # PersistentVolumeClaim objects. * While dataSource ignores disallowed + # values (dropping them), dataSourceRef preserves all values, and + # generates an error if a disallowed value is specified. * While + # dataSource only allows local objects, dataSourceRef allows objects in + # any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + # feature gate to be enabled. (Alpha) Using the namespace field of + # dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate + # to be enabled. dataSourceRef: # APIGroup is the group for the resource being referenced. If APIGroup # is not specified, the specified Kind must be in the core API group. @@ -2160,6 +2221,13 @@ cluster: kind: # Name is the name of resource being referenced name: + # Namespace is the namespace of resource being referenced Note that when + # a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + # object is required in the referent namespace to allow that namespace's + # owner to accept the reference. See the ReferenceGrant documentation + # for details. (Alpha) This field requires the + # CrossNamespaceVolumeDataSource feature gate to be enabled. + namespace: # -- resources represents the minimum resources the volume should have. If # RecoverVolumeExpansionFailure feature is enabled users are allowed to # specify resource requirements that are lower than previous value but 
@@ -2167,6 +2235,15 @@ cluster: # claim. More info: # https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources resources: + # Claims lists the names of resources, defined in spec.resourceClaims, + # that are used by this container. This is an alpha field and requires + # enabling the DynamicResourceAllocation feature gate. This field is + # immutable. It can only be set for containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims of + # the Pod where this field is used. It makes that resource available + # inside a container. + name: # Limits describes the maximum amount of compute resources allowed. More # info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ @@ -2174,8 +2251,9 @@ cluster: # Requests describes the minimum amount of compute resources required. # If Requests is omitted for a container, it defaults to Limits if that # is explicitly specified, otherwise to an implementation-defined value. - # More info: https://kubernetes.io/docs/concepts/configuration/manage- - # resources-containers/ + # Requests cannot exceed Limits. More info: + # https://kubernetes.io/docs/concepts/configuration/manage-resources- + # containers/ requests: # -- selector is a label query over volumes to consider for binding. selector: diff --git a/charts/couchbase-operator/values.yaml b/charts/couchbase-operator/values.yaml index 5c7fd1e..240f5d3 100644 --- a/charts/couchbase-operator/values.yaml +++ b/charts/couchbase-operator/values.yaml @@ -20,7 +20,7 @@ couchbaseOperator: # -- Image specifies repository and tag of the Couchbase Operator container. image: repository: couchbase/operator - tag: 2.5.0 + tag: 2.6.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. 
@@ -53,7 +53,7 @@ admissionController: # -- Image specifies repository and tag of the Couchbase Admission container. image: repository: couchbase/admission-controller - tag: 2.5.0 + tag: 2.6.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. @@ -945,7 +945,7 @@ cluster: envImagePrecedence: false # -- Hibernate is whether to hibernate the cluster. hibernate: false - image: couchbase/server:7.2.0 + image: couchbase/server:7.2.3 # -- Logging defines Operator logging options. logging: # -- Used to manage the audit configuration directly @@ -1039,7 +1039,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core adminConsoleServiceTemplate: # -- ServiceSpec describes the attributes that a user creates on a # service. @@ -1063,7 +1063,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core exposedFeatureServiceTemplate: # -- ServiceSpec describes the attributes that a user creates on a # service. 
@@ -1116,14 +1116,10 @@ cluster: # cannot be set when spec.os.name is linux. windowsOptions: # HostProcess determines if a container should be run as a 'Host - # Process' container. This field is alpha-level and will only be honored - # by components that enable the WindowsHostProcessContainers feature - # flag. Setting this field without the feature flag will result in - # errors when validating the Pod. All of a Pod's containers must have - # the same effective HostProcess value (it is not allowed to have a mix - # of HostProcess containers and non-HostProcess containers). In - # addition, if HostProcess is true then HostNetwork must also be set to - # true. + # Process' container. All of a Pod's containers must have the same + # effective HostProcess value (it is not allowed to have a mix of + # HostProcess containers and non-HostProcess containers). In addition, + # if HostProcess is true then HostNetwork must also be set to true. hostProcess: false # -- RBAC is the options provided for enabling and selecting RBAC User # resources to manage. @@ -1176,7 +1172,7 @@ cluster: # cluster upgrade in order to fulfill the request. The Operator reserves # the right to modify or replace any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#pod-v1-core + # api/v1.28/#pod-v1-core pod: spec: {} services: diff --git a/charts/couchbase-operator/values.yamltmpl b/charts/couchbase-operator/values.yamltmpl index 0f87c82..d822802 100644 --- a/charts/couchbase-operator/values.yamltmpl +++ b/charts/couchbase-operator/values.yamltmpl @@ -20,7 +20,7 @@ couchbaseOperator: # -- Image specifies repository and tag of the Couchbase Operator container. image: repository: couchbase/operator - tag: 2.5.0 + tag: 2.6.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. 
@@ -53,7 +53,7 @@ admissionController: # -- Image specifies repository and tag of the Couchbase Admission container. image: repository: couchbase/admission-controller - tag: 2.5.0 + tag: 2.6.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. diff --git a/tools/value-generation/gen.py b/tools/value-generation/gen.py index 4d53d09..e4c3db4 100644 --- a/tools/value-generation/gen.py +++ b/tools/value-generation/gen.py @@ -158,7 +158,7 @@ def postProcessCluster(crd_value, value_map, comment_map) : value_map[crd_value]['backup']['managed'] = True value_map[crd_value]['buckets']['managed'] = True - value_map[crd_value]['image'] = 'couchbase/server:7.2.0' + value_map[crd_value]['image'] = 'couchbase/server:7.2.3' comment_map[(crd_value, 'backup')] += " Refer to the documentation for supported values https://docs.couchbase.com/operator/current/howto-backup.html#enable-automated-backup" value_map[crd_value]['networking']['adminConsoleServices'] = ['data']
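Review bot: In the hunk at @@ -2094,6 +2141,14 @@, the comment for upgradeProcess names SwapRebalance as the default, but the key is left empty and the accepted values are never listed in one place. The rule that DeltaRecovery cannot be used when UpgradeStrategy is ImmediateUpgrade also exists only as comment text here. Suggest listing the accepted values explicitly, stating what the operator does when the "best effort" in-place upgrade cannot be performed, and saying where the DeltaRecovery/ImmediateUpgrade combination is rejected so users know whether a bad values file fails at install time or later.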
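Review bot: In the hunk at @@ -2160,6 +2221,13 @@, the new namespace key under dataSourceRef exposes a cross-namespace reference that the comment itself marks as Alpha, gated on CrossNamespaceVolumeDataSource and dependent on a ReferenceGrant in the referent namespace. The text does not say that leaving the key empty keeps the same-namespace behaviour, and the preceding hunk adds that dataSource "must be empty" when namespace is set, which is easy to miss in the long paragraph. Suggest one short sentence on the new key stating both points, and fixing the missing full stop in "being referenced Note that".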
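Review bot: In the hunk at @@ -2167,6 +2235,15 @@, the added claims entry sits under the resources block described as "the minimum resources the volume should have", yet its own comment says "It can only be set for containers". As rendered, the chart documents a key in the volume claim template that the comment says is not valid there. Suggest either dropping claims from the generated volume claim section or adding a line that it must stay unset in this position.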
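Review bot: The image bumps in values.yaml and values.yamltmpl (tag: 2.6.0 for couchbase/operator and couchbase/admission-controller, and couchbase/server:7.2.3 for the cluster) still reference images by tag only, and the adjacent comment states that imagePullPolicy defaults to IfNotPresent, so a node that already holds an image under that tag will not pull it again. Suggest documenting how to pin by digest (repository@sha256:<digest>) for users who need a verifiable image reference, or at least noting in the comment that the tag is not an integrity guarantee.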
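Review bot: In tools/value-generation/gen.py, postProcessCluster hard-codes the literal 'couchbase/server:7.2.3', and the same version appears separately in values.yaml, while the operator tag 2.6.0 is repeated in values.yaml and values.yamltmpl. Each release has to touch every copy in step, and a missed one ships a chart whose generated values disagree with the template. Suggest defining the server image once (a module-level constant in gen.py or a single template variable) and generating the other occurrences from it.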